Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3137382e3133322e3139362e302f32342d3234203d3e20383334.roa
File:                     3137382e3133322e3139362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          ulOfXv/1IXNnrqDJaOwNm/K5UeJW+/fpJ2MwQsnJkv0=
Subject key identifier:   9E:8D:62:F0:99:39:08:85:AF:D3:77:E2:3E:83:0A:C2:46:8C:16:92
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       3B55FB3C6D717253192FCC516543E4F2CCB0EFE0
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3137382e3133322e3139362e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Jan 2025 13:44:03 +0000
ROA not before:           Sat 25 Jan 2025 13:39:03 +0000
ROA not after:            Sat 24 Jan 2026 13:44:03 +0000
asID:                     834
IP address blocks:        178.132.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:55:fb:3c:6d:71:72:53:19:2f:cc:51:65:43:e4:f2:cc:b0:ef:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:03 2025 GMT
            Not After : Jan 24 13:44:03 2026 GMT
        Subject: CN=9E8D62F099390885AFD377E23E830AC2468C1692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:99:4a:7e:e3:d8:6f:1e:06:99:5b:67:1c:48:
                    5f:a2:c7:81:02:72:7b:ae:9e:e5:30:a8:77:29:55:
                    70:45:ee:24:6b:49:f6:b2:de:fe:5c:7b:c6:02:b3:
                    5c:cf:e7:11:b1:c9:8d:3f:d5:73:a3:1e:2f:2c:c9:
                    d2:a8:c5:c4:1f:98:04:9c:40:e5:53:af:d4:c8:ec:
                    8c:39:12:8a:e0:29:8e:4c:d5:ad:22:c1:29:45:bc:
                    c1:bc:15:4d:c5:7f:ba:be:ff:b9:9d:1a:b4:fa:af:
                    7c:51:a1:20:4c:b0:57:81:39:51:d7:c0:55:22:26:
                    9d:9b:b4:d2:c0:40:96:4e:ee:09:85:0a:9a:b1:75:
                    fe:24:7a:5f:ec:4f:d3:57:56:5c:93:f0:35:ac:1b:
                    76:b5:bd:3e:9a:23:38:90:a1:3b:c5:12:ec:c4:c0:
                    89:2a:05:6a:3e:98:45:74:97:ee:bf:23:ae:28:c3:
                    97:35:ff:5b:d8:63:11:4e:5e:d7:59:8c:da:47:e4:
                    94:0c:1e:db:ff:8d:44:b7:8b:57:55:8b:4b:a5:2d:
                    19:ea:02:a7:76:18:01:e0:eb:7e:26:87:cc:23:74:
                    88:09:ed:f1:4a:d2:a4:32:d0:a8:5e:72:ac:e5:75:
                    4d:63:0d:f4:d4:0d:62:da:bd:4a:d0:a3:cd:31:de:
                    b9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:8D:62:F0:99:39:08:85:AF:D3:77:E2:3E:83:0A:C2:46:8C:16:92
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3137382e3133322e3139362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.132.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:d2:54:f0:12:52:64:18:af:c7:3f:5c:e4:b7:fd:af:42:d8:
         34:87:54:92:c4:1b:e2:ef:5f:37:5c:ea:87:c0:9a:3a:36:75:
         4f:aa:99:99:38:82:00:fb:56:a6:4a:3e:95:be:81:cd:03:0d:
         9b:d5:24:33:f0:e1:50:fe:58:aa:b6:7a:f7:14:b7:77:55:e9:
         9f:e5:27:28:24:3f:27:d6:09:5a:33:e9:70:ce:d6:27:1a:fb:
         6d:5e:d0:ae:32:2b:dd:7a:37:42:e0:72:2d:4c:6c:73:21:c3:
         71:d6:ec:da:17:76:41:19:25:35:c2:6e:c6:93:cc:1c:60:6c:
         c9:12:0e:f1:f0:4e:3b:62:0d:99:68:3f:32:0e:52:bd:24:9b:
         bd:e5:cf:cd:d3:67:e1:ba:eb:bd:f2:04:05:7b:c5:f8:35:c9:
         a6:83:fc:40:35:a4:b4:a8:01:cd:28:49:69:d8:07:99:1b:d6:
         31:cc:61:d1:e7:4c:44:9b:51:4c:7e:8d:9d:7a:91:55:64:a6:
         96:e9:ec:8a:eb:64:6b:73:5c:a2:bc:1c:87:0b:7d:32:ec:48:
         78:0d:c4:33:18:c3:6d:63:95:a9:24:59:77:9d:41:bd:6e:0f:
         e6:65:9f:27:0c:08:65:1e:01:46:d0:59:ae:c0:00:76:64:04:
         e8:d0:87:10
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUO1X7PG1xclMZL8xRZUPk8syw7+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDNaFw0yNjAxMjQxMzQ0MDNaMDMxMTAvBgNV
BAMTKDlFOEQ2MkYwOTkzOTA4ODVBRkQzNzdFMjNFODMwQUMyNDY4QzE2OTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFmUp+49hvHgaZW2ccSF+ix4EC
cnuunuUwqHcpVXBF7iRrSfay3v5ce8YCs1zP5xGxyY0/1XOjHi8sydKoxcQfmASc
QOVTr9TI7Iw5EorgKY5M1a0iwSlFvMG8FU3Ff7q+/7mdGrT6r3xRoSBMsFeBOVHX
wFUiJp2btNLAQJZO7gmFCpqxdf4kel/sT9NXVlyT8DWsG3a1vT6aIziQoTvFEuzE
wIkqBWo+mEV0l+6/I64ow5c1/1vYYxFOXtdZjNpH5JQMHtv/jUS3i1dVi0ulLRnq
Aqd2GAHg634mh8wjdIgJ7fFK0qQy0KhecqzldU1jDfTUDWLavUrQo80x3rn/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUno1i8Jk5CIWv03fiPoMKwkaMFpIwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzNzM4MmUzMTMzMzIyZTMx
MzkzNjJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALKE
xDANBgkqhkiG9w0BAQsFAAOCAQEArtJU8BJSZBivxz9c5Lf9r0LYNIdUksQb4u9f
N1zqh8CaOjZ1T6qZmTiCAPtWpko+lb6BzQMNm9UkM/DhUP5YqrZ69xS3d1Xpn+Un
KCQ/J9YJWjPpcM7WJxr7bV7QrjIr3Xo3QuByLUxscyHDcdbs2hd2QRklNcJuxpPM
HGBsyRIO8fBOO2INmWg/Mg5SvSSbveXPzdNn4brrvfIEBXvF+DXJpoP8QDWktKgB
zShJadgHmRvWMcxh0edMRJtRTH6NnXqRVWSmlunsiutka3Ncorwchwt9MuxIeA3E
MxjDbWOVqSRZd51BvW4P5mWfJwwIZR4BRtBZrsAAdmQE6NCHEA==
-----END CERTIFICATE-----